<%-- 
    Document   : db1
    Created on : 2014/8/20, 上午 11:20:44
    Author     : Yu
--%>
<%@page import="java.sql.Statement"%>
<%@page import="java.sql.DriverManager"%>
<%@page import="java.sql.Connection"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
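<%
    // Inserts one fixed demo row into the `person` table through a parameterized
    // statement and leaves the affected-row count in `x`, which the page body prints.
    // NOTE(review): a scriptlet runs on every request, so each page load adds a row.

    // Register the MySQL JDBC driver so DriverManager can resolve the jdbc:mysql URL.
    Class.forName("com.mysql.jdbc.Driver");

    // The values are bound to ? placeholders instead of being concatenated into the
    // SQL text. That is what keeps the quote in "Tom's cat" from changing the
    // statement, and it is the defence against SQL injection.
    String sql = "insert into person(username,tel,birthday)values( ? , ? , ? ) ";

    int x;

    // SECURITY(review): the database password is hard-coded in the page source and the
    // account is root. Move the credentials out of the JSP (for example a
    // container-managed DataSource) and connect as an account limited to the
    // privileges this page needs.
    Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/javadb", "root", "007341");
    try {
        // prepareStatement needs the SQL text up front; parameters are filled in afterwards.
        java.sql.PreparedStatement ps = con.prepareStatement(sql);
        try {
            // Bind the parameters in placeholder order (1-based).
            ps.setString(1, "Tom's cat");
            ps.setString(2, "007341");
            // NOTE(review): the birthday is sent as a string; whether MySQL accepts this
            // format depends on the column type. Confirm against the schema.
            ps.setString(3, "1990/04/30");
            // Run the insert; the result is the number of rows affected.
            x = ps.executeUpdate();
        } finally {
            // Close the statement before its connection.
            ps.close();
        }
    } finally {
        // Runs even when the insert throws, so the connection is never leaked.
        // Plain try/finally is used so the page does not depend on the JSP
        // compiler's Java source level.
        con.close();
    }
%>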
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>db1</title>
    </head>
    <body>
        <h1>-----db1-----</h1>
	<%=  x   %>
	
    </body>
</html>
